It’s like something out of a movie starring Matthew Broderick. Researchers at Columbia University claim they’ve discovered a vulnerability that could let hackers remotely access your printer for nefarious hijinks, like making said printer go up in flames.

The Columbia eggheads have been probing the depths of printers, specifically those made by HP, for several months. They have already briefed the relevant federal agencies and the folks at HP about the problem.

The problem, claim the scientists, lies in the printers’ firmware and the fact that, while many recently built printers are so multifunctional that they operate in much the same way a computer does — and are often connected to the internet — they do not have the same protection that a networked computer does.

From MSNBC:

[The researchers] say they’ve reverse engineered software that controls common Hewlett-Packard LaserJet printers. Those printers allow firmware upgrades through a process called “Remote Firmware Update.” Every time the printer accepts a job, it checks to see if a software update is included in that job. But they say printers they examined don’t discriminate the source of the update software – a typical digital signature is not used to verify the upgrade software’s authenticity – so anyone can instruct the printer to erase its operating software and install a booby-trapped version.

While all of these printers could be hacked simply by tricking someone into printing a document that contains the virus, those printers that are accessible via the Internet don’t require a dupe to print out the offending document.

“The problem is, technology companies aren’t really looking into this corner of the Internet,” said Stolfo. “The research on this is crystal clear. The impact of this is very large. These devices are completely open and available to be exploited.”

Stolfo and his team demonstrated that a hacker could remotely heat up a printer’s fuser, causing the paper to turn brown and smoke. A thermal switch caused the printer to turn off before it could truly catch fire, but the researchers believe that other printers are more vulnerable to going up in flames.

As for HP, the computer company said it hasn’t been able to confirm or deny the researchers’ findings. Regardless, HP “takes this very seriously.”

“Until we verify the security issue, it is difficult to comment,” the HP rep tells MSNBC.